~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/security/keys/trusted-encrypted.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/security/keys/trusted-encrypted.rst (Version linux-6.12-rc7) and /Documentation/security/keys/trusted-encrypted.rst (Version linux-6.8.12)


  1 ==========================                          1 ==========================
  2 Trusted and Encrypted Keys                          2 Trusted and Encrypted Keys
  3 ==========================                          3 ==========================
  4                                                     4 
  5 Trusted and Encrypted Keys are two new key typ      5 Trusted and Encrypted Keys are two new key types added to the existing kernel
  6 key ring service.  Both of these new types are      6 key ring service.  Both of these new types are variable length symmetric keys,
  7 and in both cases all keys are created in the       7 and in both cases all keys are created in the kernel, and user space sees,
  8 stores, and loads only encrypted blobs.  Trust      8 stores, and loads only encrypted blobs.  Trusted Keys require the availability
  9 of a Trust Source for greater security, while       9 of a Trust Source for greater security, while Encrypted Keys can be used on any
 10 system. All user level blobs, are displayed an     10 system. All user level blobs, are displayed and loaded in hex ASCII for
 11 convenience, and are integrity verified.           11 convenience, and are integrity verified.
 12                                                    12 
 13                                                    13 
 14 Trust Source                                       14 Trust Source
 15 ============                                       15 ============
 16                                                    16 
 17 A trust source provides the source of security     17 A trust source provides the source of security for Trusted Keys.  This
 18 section lists currently supported trust source     18 section lists currently supported trust sources, along with their security
 19 considerations.  Whether or not a trust source     19 considerations.  Whether or not a trust source is sufficiently safe depends
 20 on the strength and correctness of its impleme     20 on the strength and correctness of its implementation, as well as the threat
 21 environment for a specific use case.  Since th     21 environment for a specific use case.  Since the kernel doesn't know what the
 22 environment is, and there is no metric of trus     22 environment is, and there is no metric of trust, it is dependent on the
 23 consumer of the Trusted Keys to determine if t     23 consumer of the Trusted Keys to determine if the trust source is sufficiently
 24 safe.                                              24 safe.
 25                                                    25 
 26   *  Root of trust for storage                     26   *  Root of trust for storage
 27                                                    27 
 28      (1) TPM (Trusted Platform Module: hardwar     28      (1) TPM (Trusted Platform Module: hardware device)
 29                                                    29 
 30          Rooted to Storage Root Key (SRK) whic     30          Rooted to Storage Root Key (SRK) which never leaves the TPM that
 31          provides crypto operation to establis     31          provides crypto operation to establish root of trust for storage.
 32                                                    32 
 33      (2) TEE (Trusted Execution Environment: O     33      (2) TEE (Trusted Execution Environment: OP-TEE based on Arm TrustZone)
 34                                                    34 
 35          Rooted to Hardware Unique Key (HUK) w     35          Rooted to Hardware Unique Key (HUK) which is generally burnt in on-chip
 36          fuses and is accessible to TEE only.      36          fuses and is accessible to TEE only.
 37                                                    37 
 38      (3) CAAM (Cryptographic Acceleration and      38      (3) CAAM (Cryptographic Acceleration and Assurance Module: IP on NXP SoCs)
 39                                                    39 
 40          When High Assurance Boot (HAB) is ena     40          When High Assurance Boot (HAB) is enabled and the CAAM is in secure
 41          mode, trust is rooted to the OTPMK, a     41          mode, trust is rooted to the OTPMK, a never-disclosed 256-bit key
 42          randomly generated and fused into eac     42          randomly generated and fused into each SoC at manufacturing time.
 43          Otherwise, a common fixed test key is     43          Otherwise, a common fixed test key is used instead.
 44                                                    44 
 45      (4) DCP (Data Co-Processor: crypto accele << 
 46                                                << 
 47          Rooted to a one-time programmable key << 
 48          in the on-chip fuses and is accessibl << 
 49          DCP provides two keys that can be use << 
 50          and the UNIQUE key. Default is to use << 
 51          the OTP key can be done via a module  << 
 52                                                << 
 53   *  Execution isolation                           45   *  Execution isolation
 54                                                    46 
 55      (1) TPM                                       47      (1) TPM
 56                                                    48 
 57          Fixed set of operations running in is     49          Fixed set of operations running in isolated execution environment.
 58                                                    50 
 59      (2) TEE                                       51      (2) TEE
 60                                                    52 
 61          Customizable set of operations runnin     53          Customizable set of operations running in isolated execution
 62          environment verified via Secure/Trust     54          environment verified via Secure/Trusted boot process.
 63                                                    55 
 64      (3) CAAM                                      56      (3) CAAM
 65                                                    57 
 66          Fixed set of operations running in is     58          Fixed set of operations running in isolated execution environment.
 67                                                    59 
 68      (4) DCP                                   << 
 69                                                << 
 70          Fixed set of cryptographic operations << 
 71          environment. Only basic blob key encr << 
 72          The actual key sealing/unsealing is d << 
 73                                                << 
 74   * Optional binding to platform integrity sta     60   * Optional binding to platform integrity state
 75                                                    61 
 76      (1) TPM                                       62      (1) TPM
 77                                                    63 
 78          Keys can be optionally sealed to spec     64          Keys can be optionally sealed to specified PCR (integrity measurement)
 79          values, and only unsealed by the TPM,     65          values, and only unsealed by the TPM, if PCRs and blob integrity
 80          verifications match. A loaded Trusted     66          verifications match. A loaded Trusted Key can be updated with new
 81          (future) PCR values, so keys are easi     67          (future) PCR values, so keys are easily migrated to new PCR values,
 82          such as when the kernel and initramfs     68          such as when the kernel and initramfs are updated. The same key can
 83          have many saved blobs under different     69          have many saved blobs under different PCR values, so multiple boots are
 84          easily supported.                         70          easily supported.
 85                                                    71 
 86      (2) TEE                                       72      (2) TEE
 87                                                    73 
 88          Relies on Secure/Trusted boot process     74          Relies on Secure/Trusted boot process for platform integrity. It can
 89          be extended with TEE based measured b     75          be extended with TEE based measured boot process.
 90                                                    76 
 91      (3) CAAM                                      77      (3) CAAM
 92                                                    78 
 93          Relies on the High Assurance Boot (HA     79          Relies on the High Assurance Boot (HAB) mechanism of NXP SoCs
 94          for platform integrity.                   80          for platform integrity.
 95                                                    81 
 96      (4) DCP                                   << 
 97                                                << 
 98          Relies on Secure/Trusted boot process << 
 99          platform integrity.                   << 
100                                                << 
101   *  Interfaces and APIs                           82   *  Interfaces and APIs
102                                                    83 
103      (1) TPM                                       84      (1) TPM
104                                                    85 
105          TPMs have well-documented, standardiz     86          TPMs have well-documented, standardized interfaces and APIs.
106                                                    87 
107      (2) TEE                                       88      (2) TEE
108                                                    89 
109          TEEs have well-documented, standardiz     90          TEEs have well-documented, standardized client interface and APIs. For
110          more details refer to ``Documentation     91          more details refer to ``Documentation/driver-api/tee.rst``.
111                                                    92 
112      (3) CAAM                                      93      (3) CAAM
113                                                    94 
114          Interface is specific to silicon vend     95          Interface is specific to silicon vendor.
115                                                    96 
116      (4) DCP                                   << 
117                                                << 
118          Vendor-specific API that is implement << 
119          ``drivers/crypto/mxs-dcp.c``.         << 
120                                                << 
121   *  Threat model                                  97   *  Threat model
122                                                    98 
123      The strength and appropriateness of a par     99      The strength and appropriateness of a particular trust source for a given
124      purpose must be assessed when using them     100      purpose must be assessed when using them to protect security-relevant data.
125                                                   101 
126                                                   102 
127 Key Generation                                    103 Key Generation
128 ==============                                    104 ==============
129                                                   105 
130 Trusted Keys                                      106 Trusted Keys
131 ------------                                      107 ------------
132                                                   108 
133 New keys are created from random numbers. They    109 New keys are created from random numbers. They are encrypted/decrypted using
134 a child key in the storage key hierarchy. Encr    110 a child key in the storage key hierarchy. Encryption and decryption of the
135 child key must be protected by a strong access    111 child key must be protected by a strong access control policy within the
136 trust source. The random number generator in u    112 trust source. The random number generator in use differs according to the
137 selected trust source:                            113 selected trust source:
138                                                   114 
139   *  TPM: hardware device based RNG               115   *  TPM: hardware device based RNG
140                                                   116 
141      Keys are generated within the TPM. Streng    117      Keys are generated within the TPM. Strength of random numbers may vary
142      from one device manufacturer to another.     118      from one device manufacturer to another.
143                                                   119 
144   *  TEE: OP-TEE based on Arm TrustZone based     120   *  TEE: OP-TEE based on Arm TrustZone based RNG
145                                                   121 
146      RNG is customizable as per platform needs    122      RNG is customizable as per platform needs. It can either be direct output
147      from platform specific hardware RNG or a     123      from platform specific hardware RNG or a software based Fortuna CSPRNG
148      which can be seeded via multiple entropy     124      which can be seeded via multiple entropy sources.
149                                                   125 
150   *  CAAM: Kernel RNG                             126   *  CAAM: Kernel RNG
151                                                   127 
152      The normal kernel random number generator    128      The normal kernel random number generator is used. To seed it from the
153      CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RN    129      CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RNG_API and ensure the device
154      is probed.                                   130      is probed.
155                                                   131 
156   *  DCP (Data Co-Processor: crypto accelerato << 
157                                                << 
158      The DCP hardware device itself does not p << 
159      so the kernel default RNG is used. SoCs w << 
160      a dedicated hardware RNG that is independ << 
161      to back the kernel RNG.                   << 
162                                                << 
163 Users may override this by specifying ``truste    132 Users may override this by specifying ``trusted.rng=kernel`` on the kernel
164 command-line to override the used RNG with the    133 command-line to override the used RNG with the kernel's random number pool.
165                                                   134 
166 Encrypted Keys                                    135 Encrypted Keys
167 --------------                                    136 --------------
168                                                   137 
169 Encrypted keys do not depend on a trust source    138 Encrypted keys do not depend on a trust source, and are faster, as they use AES
170 for encryption/decryption. New keys are create    139 for encryption/decryption. New keys are created either from kernel-generated
171 random numbers or user-provided decrypted data    140 random numbers or user-provided decrypted data, and are encrypted/decrypted
172 using a specified ‘master’ key. The ‘mas    141 using a specified ‘master’ key. The ‘master’ key can either be a trusted-key or
173 user-key type. The main disadvantage of encryp    142 user-key type. The main disadvantage of encrypted keys is that if they are not
174 rooted in a trusted key, they are only as secu    143 rooted in a trusted key, they are only as secure as the user key encrypting
175 them. The master user key should therefore be     144 them. The master user key should therefore be loaded in as secure a way as
176 possible, preferably early in boot.               145 possible, preferably early in boot.
177                                                   146 
178                                                   147 
179 Usage                                             148 Usage
180 =====                                             149 =====
181                                                   150 
182 Trusted Keys usage: TPM                           151 Trusted Keys usage: TPM
183 -----------------------                           152 -----------------------
184                                                   153 
185 TPM 1.2: By default, trusted keys are sealed u    154 TPM 1.2: By default, trusted keys are sealed under the SRK, which has the
186 default authorization value (20 bytes of 0s).     155 default authorization value (20 bytes of 0s).  This can be set at takeownership
187 time with the TrouSerS utility: "tpm_takeowner    156 time with the TrouSerS utility: "tpm_takeownership -u -z".
188                                                   157 
189 TPM 2.0: The user must first create a storage     158 TPM 2.0: The user must first create a storage key and make it persistent, so the
190 key is available after reboot. This can be don    159 key is available after reboot. This can be done using the following commands.
191                                                   160 
192 With the IBM TSS 2 stack::                        161 With the IBM TSS 2 stack::
193                                                   162 
194   #> tsscreateprimary -hi o -st                   163   #> tsscreateprimary -hi o -st
195   Handle 80000000                                 164   Handle 80000000
196   #> tssevictcontrol -hi o -ho 80000000 -hp 81    165   #> tssevictcontrol -hi o -ho 80000000 -hp 81000001
197                                                   166 
198 Or with the Intel TSS 2 stack::                   167 Or with the Intel TSS 2 stack::
199                                                   168 
200   #> tpm2_createprimary --hierarchy o -G rsa20    169   #> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
201   [...]                                           170   [...]
202   #> tpm2_evictcontrol -c key.ctxt 0x81000001     171   #> tpm2_evictcontrol -c key.ctxt 0x81000001
203   persistentHandle: 0x81000001                    172   persistentHandle: 0x81000001
204                                                   173 
205 Usage::                                           174 Usage::
206                                                   175 
207     keyctl add trusted name "new keylen [optio    176     keyctl add trusted name "new keylen [options]" ring
208     keyctl add trusted name "load hex_blob [pc    177     keyctl add trusted name "load hex_blob [pcrlock=pcrnum]" ring
209     keyctl update key "update [options]"          178     keyctl update key "update [options]"
210     keyctl print keyid                            179     keyctl print keyid
211                                                   180 
212     options:                                      181     options:
213        keyhandle=    ascii hex value of sealin    182        keyhandle=    ascii hex value of sealing key
214                        TPM 1.2: default 0x4000    183                        TPM 1.2: default 0x40000000 (SRK)
215                        TPM 2.0: no default; mu    184                        TPM 2.0: no default; must be passed every time
216        keyauth=      ascii hex auth for sealin    185        keyauth=      ascii hex auth for sealing key default 0x00...i
217                      (40 ascii zeros)             186                      (40 ascii zeros)
218        blobauth=     ascii hex auth for sealed    187        blobauth=     ascii hex auth for sealed data default 0x00...
219                      (40 ascii zeros)             188                      (40 ascii zeros)
220        pcrinfo=      ascii hex of PCR_INFO or     189        pcrinfo=      ascii hex of PCR_INFO or PCR_INFO_LONG (no default)
221        pcrlock=      pcr number to be extended    190        pcrlock=      pcr number to be extended to "lock" blob
222        migratable=   0|1 indicating permission    191        migratable=   0|1 indicating permission to reseal to new PCR values,
223                      default 1 (resealing allo    192                      default 1 (resealing allowed)
224        hash=         hash algorithm name as a     193        hash=         hash algorithm name as a string. For TPM 1.x the only
225                      allowed value is sha1. Fo    194                      allowed value is sha1. For TPM 2.x the allowed values
226                      are sha1, sha256, sha384,    195                      are sha1, sha256, sha384, sha512 and sm3-256.
227        policydigest= digest for the authorizat    196        policydigest= digest for the authorization policy. must be calculated
228                      with the same hash algori    197                      with the same hash algorithm as specified by the 'hash='
229                      option.                      198                      option.
230        policyhandle= handle to an authorizatio    199        policyhandle= handle to an authorization policy session that defines the
231                      same policy and with the     200                      same policy and with the same hash algorithm as was used to
232                      seal the key.                201                      seal the key.
233                                                   202 
234 "keyctl print" returns an ascii hex copy of th    203 "keyctl print" returns an ascii hex copy of the sealed key, which is in standard
235 TPM_STORED_DATA format.  The key length for ne    204 TPM_STORED_DATA format.  The key length for new keys are always in bytes.
236 Trusted Keys can be 32 - 128 bytes (256 - 1024    205 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits), the upper limit is to fit
237 within the 2048 bit SRK (RSA) keylength, with     206 within the 2048 bit SRK (RSA) keylength, with all necessary structure/padding.
238                                                   207 
239 Trusted Keys usage: TEE                           208 Trusted Keys usage: TEE
240 -----------------------                           209 -----------------------
241                                                   210 
242 Usage::                                           211 Usage::
243                                                   212 
244     keyctl add trusted name "new keylen" ring     213     keyctl add trusted name "new keylen" ring
245     keyctl add trusted name "load hex_blob" ri    214     keyctl add trusted name "load hex_blob" ring
246     keyctl print keyid                            215     keyctl print keyid
247                                                   216 
248 "keyctl print" returns an ASCII hex copy of th    217 "keyctl print" returns an ASCII hex copy of the sealed key, which is in format
249 specific to TEE device implementation.  The ke    218 specific to TEE device implementation.  The key length for new keys is always
250 in bytes. Trusted Keys can be 32 - 128 bytes (    219 in bytes. Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
251                                                   220 
252 Trusted Keys usage: CAAM                          221 Trusted Keys usage: CAAM
253 ------------------------                          222 ------------------------
254                                                   223 
255 Usage::                                           224 Usage::
256                                                   225 
257     keyctl add trusted name "new keylen" ring     226     keyctl add trusted name "new keylen" ring
258     keyctl add trusted name "load hex_blob" ri    227     keyctl add trusted name "load hex_blob" ring
259     keyctl print keyid                            228     keyctl print keyid
260                                                   229 
261 "keyctl print" returns an ASCII hex copy of th    230 "keyctl print" returns an ASCII hex copy of the sealed key, which is in a
262 CAAM-specific format.  The key length for new     231 CAAM-specific format.  The key length for new keys is always in bytes.
263 Trusted Keys can be 32 - 128 bytes (256 - 1024    232 Trusted Keys can be 32 - 128 bytes (256 - 1024 bits).
264                                                   233 
265 Trusted Keys usage: DCP                        << 
266 -----------------------                        << 
267                                                << 
268 Usage::                                        << 
269                                                << 
270     keyctl add trusted name "new keylen" ring  << 
271     keyctl add trusted name "load hex_blob" ri << 
272     keyctl print keyid                         << 
273                                                << 
274 "keyctl print" returns an ASCII hex copy of th << 
275 specific to this DCP key-blob implementation.  << 
276 always in bytes. Trusted Keys can be 32 - 128  << 
277                                                << 
278 Encrypted Keys usage                              234 Encrypted Keys usage
279 --------------------                              235 --------------------
280                                                   236 
281 The decrypted portion of encrypted keys can co    237 The decrypted portion of encrypted keys can contain either a simple symmetric
282 key or a more complex structure. The format of    238 key or a more complex structure. The format of the more complex structure is
283 application specific, which is identified by '    239 application specific, which is identified by 'format'.
284                                                   240 
285 Usage::                                           241 Usage::
286                                                   242 
287     keyctl add encrypted name "new [format] ke    243     keyctl add encrypted name "new [format] key-type:master-key-name keylen"
288         ring                                      244         ring
289     keyctl add encrypted name "new [format] ke    245     keyctl add encrypted name "new [format] key-type:master-key-name keylen
290         decrypted-data" ring                      246         decrypted-data" ring
291     keyctl add encrypted name "load hex_blob"     247     keyctl add encrypted name "load hex_blob" ring
292     keyctl update keyid "update key-type:maste    248     keyctl update keyid "update key-type:master-key-name"
293                                                   249 
294 Where::                                           250 Where::
295                                                   251 
296         format:= 'default | ecryptfs | enc32'     252         format:= 'default | ecryptfs | enc32'
297         key-type:= 'trusted' | 'user'             253         key-type:= 'trusted' | 'user'
298                                                   254 
299 Examples of trusted and encrypted key usage       255 Examples of trusted and encrypted key usage
300 -------------------------------------------       256 -------------------------------------------
301                                                   257 
302 Create and save a trusted key named "kmk" of l    258 Create and save a trusted key named "kmk" of length 32 bytes.
303                                                   259 
304 Note: When using a TPM 2.0 with a persistent k    260 Note: When using a TPM 2.0 with a persistent key with handle 0x81000001,
305 append 'keyhandle=0x81000001' to statements be    261 append 'keyhandle=0x81000001' to statements between quotes, such as
306 "new 32 keyhandle=0x81000001".                    262 "new 32 keyhandle=0x81000001".
307                                                   263 
308 ::                                                264 ::
309                                                   265 
310     $ keyctl add trusted kmk "new 32" @u          266     $ keyctl add trusted kmk "new 32" @u
311     440502848                                     267     440502848
312                                                   268 
313     $ keyctl show                                 269     $ keyctl show
314     Session Keyring                               270     Session Keyring
315            -3 --alswrv    500   500  keyring:     271            -3 --alswrv    500   500  keyring: _ses
316      97833714 --alswrv    500    -1   \_ keyri    272      97833714 --alswrv    500    -1   \_ keyring: _uid.500
317     440502848 --alswrv    500   500       \_ t    273     440502848 --alswrv    500   500       \_ trusted: kmk
318                                                   274 
319     $ keyctl print 440502848                      275     $ keyctl print 440502848
320     0101000000000000000001005d01b7e3f4a6be5709    276     0101000000000000000001005d01b7e3f4a6be5709930f3b70a743cbb42e0cc95e18e915
321     3f60da455bbf1144ad12e4f92b452f966929f6105f    277     3f60da455bbf1144ad12e4f92b452f966929f6105fd29ca28e4d4d5a031d068478bacb0b
322     27351119f822911b0a11ba3d3498ba6a32e50dac7f    278     27351119f822911b0a11ba3d3498ba6a32e50dac7f32894dd890eb9ad578e4e292c83722
323     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62ca    279     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62cad7d817f6dc58898b3ac15f36026fec
324     d568bd4a706cb60bb37be6d8f1240661199d640b66    280     d568bd4a706cb60bb37be6d8f1240661199d640b66fb0fe3b079f97f450b9ef9c22c6d5d
325     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471    281     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471dc6d13ecf8298b946f65345faa5ef0
326     f1f8fff03ad0acb083725535636addb08d73dedb98    282     f1f8fff03ad0acb083725535636addb08d73dedb9832da198081e5deae84bfaf0409c22b
327     e4a8aea2b607ec96931e6f4d4fe563ba              283     e4a8aea2b607ec96931e6f4d4fe563ba
328                                                   284 
329     $ keyctl pipe 440502848 > kmk.blob            285     $ keyctl pipe 440502848 > kmk.blob
330                                                   286 
331 Load a trusted key from the saved blob::          287 Load a trusted key from the saved blob::
332                                                   288 
333     $ keyctl add trusted kmk "load `cat kmk.bl    289     $ keyctl add trusted kmk "load `cat kmk.blob`" @u
334     268728824                                     290     268728824
335                                                   291 
336     $ keyctl print 268728824                      292     $ keyctl print 268728824
337     0101000000000000000001005d01b7e3f4a6be5709    293     0101000000000000000001005d01b7e3f4a6be5709930f3b70a743cbb42e0cc95e18e915
338     3f60da455bbf1144ad12e4f92b452f966929f6105f    294     3f60da455bbf1144ad12e4f92b452f966929f6105fd29ca28e4d4d5a031d068478bacb0b
339     27351119f822911b0a11ba3d3498ba6a32e50dac7f    295     27351119f822911b0a11ba3d3498ba6a32e50dac7f32894dd890eb9ad578e4e292c83722
340     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62ca    296     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62cad7d817f6dc58898b3ac15f36026fec
341     d568bd4a706cb60bb37be6d8f1240661199d640b66    297     d568bd4a706cb60bb37be6d8f1240661199d640b66fb0fe3b079f97f450b9ef9c22c6d5d
342     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471    298     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471dc6d13ecf8298b946f65345faa5ef0
343     f1f8fff03ad0acb083725535636addb08d73dedb98    299     f1f8fff03ad0acb083725535636addb08d73dedb9832da198081e5deae84bfaf0409c22b
344     e4a8aea2b607ec96931e6f4d4fe563ba              300     e4a8aea2b607ec96931e6f4d4fe563ba
345                                                   301 
346 Reseal (TPM specific) a trusted key under new     302 Reseal (TPM specific) a trusted key under new PCR values::
347                                                   303 
348     $ keyctl update 268728824 "update pcrinfo=    304     $ keyctl update 268728824 "update pcrinfo=`cat pcr.blob`"
349     $ keyctl print 268728824                      305     $ keyctl print 268728824
350     010100000000002c0002800093c35a09b70fff26e7    306     010100000000002c0002800093c35a09b70fff26e7a98ae786c641e678ec6ffb6b46d805
351     77c8a6377aed9d3219c6dfec4b23ffe3000001005d    307     77c8a6377aed9d3219c6dfec4b23ffe3000001005d37d472ac8a44023fbb3d18583a4f73
352     d3a076c0858f6f1dcaa39ea0f119911ff03f5406df    308     d3a076c0858f6f1dcaa39ea0f119911ff03f5406df4f7f27f41da8d7194f45c9f4e00f2e
353     df449f266253aa3f52e55c53de147773e00f0f9aca    309     df449f266253aa3f52e55c53de147773e00f0f9aca86c64d94c95382265968c354c5eab4
354     9638c5ae99c89de1e0997242edfb0b501744e11ff9    310     9638c5ae99c89de1e0997242edfb0b501744e11ff9762dfd951cffd93227cc513384e7e6
355     e782c29435c7ec2edafaa2f4c1fe6e7a781b59549f    311     e782c29435c7ec2edafaa2f4c1fe6e7a781b59549ff5296371b42133777dcc5b8b971610
356     94bc67ede19e43ddb9dc2baacad374a36feaf0314d    312     94bc67ede19e43ddb9dc2baacad374a36feaf0314d700af0a65c164b7082401740e489c9
357     7ef6a24defe4846104209bf0c3eced7fa1a672ed5b    313     7ef6a24defe4846104209bf0c3eced7fa1a672ed5b125fc9d8cd88b476a658a4434644ef
358     df8ae9a178e9f83ba9f08d10fa47e4226b98b0702f    314     df8ae9a178e9f83ba9f08d10fa47e4226b98b0702f06b3b8
359                                                   315 
360                                                   316 
361 The initial consumer of trusted keys is EVM, w    317 The initial consumer of trusted keys is EVM, which at boot time needs a high
362 quality symmetric key for HMAC protection of f    318 quality symmetric key for HMAC protection of file metadata. The use of a
363 trusted key provides strong guarantees that th    319 trusted key provides strong guarantees that the EVM key has not been
364 compromised by a user level problem, and when     320 compromised by a user level problem, and when sealed to a platform integrity
365 state, protects against boot and offline attac    321 state, protects against boot and offline attacks. Create and save an
366 encrypted key "evm" using the above trusted ke    322 encrypted key "evm" using the above trusted key "kmk":
367                                                   323 
368 option 1: omitting 'format'::                     324 option 1: omitting 'format'::
369                                                   325 
370     $ keyctl add encrypted evm "new trusted:km    326     $ keyctl add encrypted evm "new trusted:kmk 32" @u
371     159771175                                     327     159771175
372                                                   328 
373 option 2: explicitly defining 'format' as 'def    329 option 2: explicitly defining 'format' as 'default'::
374                                                   330 
375     $ keyctl add encrypted evm "new default tr    331     $ keyctl add encrypted evm "new default trusted:kmk 32" @u
376     159771175                                     332     159771175
377                                                   333 
378     $ keyctl print 159771175                      334     $ keyctl print 159771175
379     default trusted:kmk 32 2375725ad57798846a9    335     default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
380     82dbbc55be2a44616e4959430436dc4f2a7a9659aa    336     82dbbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0
381     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc    337     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc
382                                                   338 
383     $ keyctl pipe 159771175 > evm.blob            339     $ keyctl pipe 159771175 > evm.blob
384                                                   340 
385 Load an encrypted key "evm" from saved blob::     341 Load an encrypted key "evm" from saved blob::
386                                                   342 
387     $ keyctl add encrypted evm "load `cat evm.    343     $ keyctl add encrypted evm "load `cat evm.blob`" @u
388     831684262                                     344     831684262
389                                                   345 
390     $ keyctl print 831684262                      346     $ keyctl print 831684262
391     default trusted:kmk 32 2375725ad57798846a9    347     default trusted:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b3
392     82dbbc55be2a44616e4959430436dc4f2a7a9659aa    348     82dbbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0
393     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc    349     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc
394                                                   350 
395 Instantiate an encrypted key "evm" using user-    351 Instantiate an encrypted key "evm" using user-provided decrypted data::
396                                                   352 
397     $ evmkey=$(dd if=/dev/urandom bs=1 count=3    353     $ evmkey=$(dd if=/dev/urandom bs=1 count=32 | xxd -c32 -p)
398     $ keyctl add encrypted evm "new default us    354     $ keyctl add encrypted evm "new default user:kmk 32 $evmkey" @u
399     794890253                                     355     794890253
400                                                   356 
401     $ keyctl print 794890253                      357     $ keyctl print 794890253
402     default user:kmk 32 2375725ad57798846a9bbd    358     default user:kmk 32 2375725ad57798846a9bbd240de8906f006e66c03af53b1b382d
403     bbc55be2a44616e4959430436dc4f2a7a9659aa60b    359     bbc55be2a44616e4959430436dc4f2a7a9659aa60bb4652aeb2120f149ed197c564e0247
404     17c64 5972dcb82ab2dde83376d82b2e3c09ffc       360     17c64 5972dcb82ab2dde83376d82b2e3c09ffc
405                                                   361 
406 Other uses for trusted and encrypted keys, suc    362 Other uses for trusted and encrypted keys, such as for disk and file encryption
407 are anticipated.  In particular the new format    363 are anticipated.  In particular the new format 'ecryptfs' has been defined
408 in order to use encrypted keys to mount an eCr    364 in order to use encrypted keys to mount an eCryptfs filesystem.  More details
409 about the usage can be found in the file          365 about the usage can be found in the file
410 ``Documentation/security/keys/ecryptfs.rst``.     366 ``Documentation/security/keys/ecryptfs.rst``.
411                                                   367 
412 Another new format 'enc32' has been defined in    368 Another new format 'enc32' has been defined in order to support encrypted keys
413 with payload size of 32 bytes. This will initi    369 with payload size of 32 bytes. This will initially be used for nvdimm security
414 but may expand to other usages that require 32    370 but may expand to other usages that require 32 bytes payload.
415                                                   371 
416                                                   372 
417 TPM 2.0 ASN.1 Key Format                          373 TPM 2.0 ASN.1 Key Format
418 ------------------------                          374 ------------------------
419                                                   375 
420 The TPM 2.0 ASN.1 key format is designed to be    376 The TPM 2.0 ASN.1 key format is designed to be easily recognisable,
421 even in binary form (fixing a problem we had w    377 even in binary form (fixing a problem we had with the TPM 1.2 ASN.1
422 format) and to be extensible for additions lik    378 format) and to be extensible for additions like importable keys and
423 policy::                                          379 policy::
424                                                   380 
425     TPMKey ::= SEQUENCE {                         381     TPMKey ::= SEQUENCE {
426         type            OBJECT IDENTIFIER         382         type            OBJECT IDENTIFIER
427         emptyAuth       [0] EXPLICIT BOOLEAN O    383         emptyAuth       [0] EXPLICIT BOOLEAN OPTIONAL
428         parent          INTEGER                   384         parent          INTEGER
429         pubkey          OCTET STRING              385         pubkey          OCTET STRING
430         privkey         OCTET STRING              386         privkey         OCTET STRING
431     }                                             387     }
432                                                   388 
433 type is what distinguishes the key even in bin    389 type is what distinguishes the key even in binary form since the OID
434 is provided by the TCG to be unique and thus f    390 is provided by the TCG to be unique and thus forms a recognizable
435 binary pattern at offset 3 in the key.  The OI    391 binary pattern at offset 3 in the key.  The OIDs currently made
436 available are::                                   392 available are::
437                                                   393 
438     2.23.133.10.1.3 TPM Loadable key.  This is    394     2.23.133.10.1.3 TPM Loadable key.  This is an asymmetric key (Usually
439                     RSA2048 or Elliptic Curve)    395                     RSA2048 or Elliptic Curve) which can be imported by a
440                     TPM2_Load() operation.        396                     TPM2_Load() operation.
441                                                   397 
442     2.23.133.10.1.4 TPM Importable Key.  This     398     2.23.133.10.1.4 TPM Importable Key.  This is an asymmetric key (Usually
443                     RSA2048 or Elliptic Curve)    399                     RSA2048 or Elliptic Curve) which can be imported by a
444                     TPM2_Import() operation.      400                     TPM2_Import() operation.
445                                                   401 
446     2.23.133.10.1.5 TPM Sealed Data.  This is     402     2.23.133.10.1.5 TPM Sealed Data.  This is a set of data (up to 128
447                     bytes) which is sealed by     403                     bytes) which is sealed by the TPM.  It usually
448                     represents a symmetric key    404                     represents a symmetric key and must be unsealed before
449                     use.                          405                     use.
450                                                   406 
451 The trusted key code only uses the TPM Sealed     407 The trusted key code only uses the TPM Sealed Data OID.
452                                                   408 
453 emptyAuth is true if the key has well known au    409 emptyAuth is true if the key has well known authorization "".  If it
454 is false or not present, the key requires an e    410 is false or not present, the key requires an explicit authorization
455 phrase.  This is used by most user space consu    411 phrase.  This is used by most user space consumers to decide whether
456 to prompt for a password.                         412 to prompt for a password.
457                                                   413 
458 parent represents the parent key handle, eithe    414 parent represents the parent key handle, either in the 0x81 MSO space,
459 like 0x81000001 for the RSA primary storage ke    415 like 0x81000001 for the RSA primary storage key.  Userspace programmes
460 also support specifying the primary handle in     416 also support specifying the primary handle in the 0x40 MSO space.  If
461 this happens the Elliptic Curve variant of the    417 this happens the Elliptic Curve variant of the primary key using the
462 TCG defined template will be generated on the     418 TCG defined template will be generated on the fly into a volatile
463 object and used as the parent.  The current ke    419 object and used as the parent.  The current kernel code only supports
464 the 0x81 MSO form.                                420 the 0x81 MSO form.
465                                                   421 
466 pubkey is the binary representation of TPM2B_P    422 pubkey is the binary representation of TPM2B_PRIVATE excluding the
467 initial TPM2B header, which can be reconstruct    423 initial TPM2B header, which can be reconstructed from the ASN.1 octet
468 string length.                                    424 string length.
469                                                   425 
470 privkey is the binary representation of TPM2B_    426 privkey is the binary representation of TPM2B_PUBLIC excluding the
471 initial TPM2B header which can be reconstructe    427 initial TPM2B header which can be reconstructed from the ASN.1 octed
472 string length.                                    428 string length.
473                                                << 
474 DCP Blob Format                                << 
475 ---------------                                << 
476                                                << 
477 .. kernel-doc:: security/keys/trusted-keys/tru << 
478    :doc: dcp blob format                       << 
479                                                << 
480 .. kernel-doc:: security/keys/trusted-keys/tru << 
481    :identifiers: struct dcp_blob_fmt           << 
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php